Looking at the auth code currently in login.pm
and LedgerSMB.pm as well as the exceptions in lsmb-request.pl
, I'm coming to the conclusion that LedgerSMB.pm has been coded based on the assumption that every request needs to be authenticated against the database and that if authentication fails, an auth popup should be returned.
However, as it turns out, this situation causes problems when the database doesn't actually exist, or when the application "only" wants to authenticate, but not generate a full request series (such as the login.pl:authenticate() function).
I'm thinking we can resolve the issue we're seeing now by:
* Stopping to connect to the database in LedgerSMB.pm:new()
* Factor out the database connection logic
* Factor out session initialization logic (the part which is based on the DB connection)
* Introduce a mechanism whereby a module (e.g. login.pm
) can signal
one or more of its actions doesn't want a preconnected database handle
* Make database connection and session initialization explicit parts of lsmb-request,
if the module doesn't disallow it
This way, we can remove any implicit auto-connection to the database from all lower level calls.
What about it?
Robust and Flexible. No vendor lock-in.